Chapter 27 - Analyzing Cisco Wireless Architectures Flashcards

1
Q

What are Autonomous Access Points?

A
  • Self-sufficient systems that do not require a WLC (Wireless LAN Controller) to function.
  • Without a central management system, each AP needs to be configured individually via console cable, web config, SSH, or Telnet.
  • Can connect directly to a wired LAN so that wired and wireless hosts can communicate.
  • Channel/frequency, security policy, and QoS must be configured manually and are handled by the AP.
2
Q

What are Cloud-Based Access Points?

A
  • Autonomous APs that can be centrally managed and configured using a cloud-based management system.
  • Can connect directly to a wired LAN so that wired and wireless hosts can communicate.
  • The same as autonomous APs except can be centrally managed.
  • Only control plane/management traffic is sent to the cloud. Data plane traffic takes the normal route (e.g. to the distribution layer).
  • Channel, frequency, transmit power, etc. can be decided dynamically for APs based on data collected by the management platform.
  • An example of a cloud-based wireless system is Cisco Meraki.
3
Q

What is a Control Plane?

A

Any traffic used to control, configure, manage, and monitor an AP.

4
Q

What is a Data Plane?

A

Any end-user traffic passing through the AP.

5
Q

What is Split-MAC Architecture?

A
  • A form of wireless architecture in which the data processing and management traffic are split between a Lightweight Access Point and a WLC (Wireless LAN Controller).
6
Q

What is a Lightweight Access Point?

A
  • Part of Split-MAC Architecture that handles the sending/receiving of traffic, encryption/decryption, and sending out beacons and probes.
  • The other part is the WLC (Wireless LAN Controller). This handles management (e.g. RF management, authenticating users, security/QoS policies, selecting channels/frequencies, and roaming management).
7
Q

What is a WLC?

A
  • Wireless LAN Controller
  • Part of Split-MAC Architecture that handles management traffic such as RF management, authenticating users, security/QoS policies, selecting channels/frequencies, and roaming management.
  • The other part is the Lightweight Access Point, which handles data traffic (e.g. sending/receiving of traffic, encryption/decryption, and sending out beacons and probes).
8
Q

True or False. In Split-MAC Architecture, Lightweight APs and the WLC have to be part of the same subnet.

A

False.

9
Q

What is CAPWAP?

A
  • The Control And Provisioning of Wireless Access Points
  • Based on an older protocol called LWAPP (LightWeight Access Point Protocol)
  • A tunnelling protocol used in Split-MAC Architecture that creates two tunnels:
    - One for control (management) messages that are used to configure, control, and manage APs (uses UDP port 5246). Encrypted by default.
    - One for data, which is where all traffic from wireless clients (excluding management) is sent. This goes to the WLC, not directly to its destination (uses UDP port 5247).
  • Encapsulates communication between LAPs and the WLC in new IP packets.
10
Q

What are the two different tunnels created by CAPWAP?

A
  • CAPWAP Control (5246) - Carries traffic used to configure and manage a LAP. Control messages are authenticated and encrypted by default so that the LAP can only interpret traffic from the appropriate WLC.
  • CAPWAP Data (5247) - Carries traffic between wireless clients associated with this particular LAP. Data messages are not encrypted by default, although this can be enabled in the form of DTLS (Datagram Transport Layer Security).
11
Q

What older technology is CAPWAP based on?

A
  • Lightweight Access Point Protocol
  • A legacy proprietary Cisco solution
12
Q

What ports do the two CAPWAP tunnels use?

A
  • CAPWAP Control - UDP 5246
  • CAPWAP Data - UDP 5247
13
Q

What is the certificate installed in each WLC and LAP upon manufacture required to authenticate each other?

A
  • X.509
  • Stops unauthorized APs from being added to the network and authenticated by the WLC.
14
Q

What layer do the CAPWAP tunnels operate at?

A

Layer 3

15
Q

What are some of the functions and benefits of Split-MAC architecture?

A
  • Dynamic Channel Assignment - Automatically chooses and configures the channel used by each AP based on other active APs.
  • Transmit Power Optimization - Automatically sets the transmit power of each AP based on the coverage area required and the coverage area of other APs.
  • Self-Healing Wireless Coverage - If an AP dies, the coverage hole can be healed by turning up the transmit power of surrounding APs.
  • Flexible Client Roaming - Clients can roam between APs quickly.
  • Dynamic Client Load Balancing - If two or more APs cover the same area, the WLC can associate clients with the least congested AP.
  • RF Monitoring - The WLC manages each AP and scans channels to monitor channel usage. The WLC can gather information about channels such as interference, noise, and signals from other APs.
  • Security and QoS Policy Management - Can authenticate clients centrally and require them to obtain an IP address from a trusted DHCP server before being allowed to associate and access the WLAN.
  • Wireless Intrusion Protection - Can monitor client data to prevent malicious activity.
  • Scalability - It is much easier to build, maintain, and add to larger wireless networks.
16
Q

True or False. You can only have one WLC in a single deployment.

A

False.

17
Q

What are the different types of WLC deployment?

A
  • Unified/Centralized - Putting the WLC in a central location at the core layer of the network (such as a data center).
  • Cloud-Based - Still has a centralized location for the WLC, except it is hosted virtually rather than as a physical device. Not the same as Cloud-Based AP Architecture.
  • Embedded - Generally used for smaller deployments/branch locations; these are normally found at the access layer (e.g. embedded in another device like a switch).
  • Mobility Express - Used for much smaller deployments. Rather than a dedicated WLC, one or more of the APs can act as a WLC. The AP containing the WLC builds CAPWAP tunnels to the WLC, and other APs also build CAPWAP tunnels to the AP containing the WLC.
18
Q

What is the typical maximum amount of APs that a WLC can support?
What is the maximum amount of clients each deployment can support?

A
  • Unified/Centralised (Physical in data centre) - 6000 APs - 64000 Clients
  • Cloud-Based (Virtual in data centre) - 3000 APs - 32000 Clients
  • Embedded (Embedded in another device on-site) - 200 APs - 4000 Clients
  • Mobility Express (Embedded in an AP on-site) - 100 APs - 2000 Clients
19
Q

What are the different special purpose modes that LAPs can be configured in?

A
  • Local - The default mode that allows the AP to offer one or more BSSs on a specific channel. When the AP is not transmitting, it performs tasks such as scanning other channels to measure noise and interference, discovering rogue devices, and matching against intrusion detection system events.
  • FlexConnect - An AP can still switch traffic between its wired and wireless networks even if its connection to the WLC is down, i.e. it would be able to send traffic that needs to be routed directly to the router rather than to the WLC first. Functions that would normally be performed by the WLC (e.g. client authentication) can be performed locally by the AP.
  • Sniffer - Does not offer a BSS. An AP dedicates its radios to receiving 802.11 traffic from other sources. The traffic can then be forwarded to a device (e.g. a PC) which can analyze the traffic (e.g. with Wireshark).
  • Monitor - Does not offer a BSS. Dedicated to detecting rogue wireless devices. If a device is found to be rogue, the AP can send de-authentication messages to remove the rogue device.
  • Rogue Detector - Does not offer a BSS or use its radio. An AP dedicates itself to detecting rogue APs by correlating MAC addresses found on the wired network with those heard over wireless.
  • Bridge - An AP becomes a point-to-point connection between two networks. Two APs in bridge mode can be used to link two separate locations. Multiple APs set up like this can form a mesh network.
  • Flex+Bridge - FlexConnect is enabled on a mesh AP.
  • SE-Connect (Spectrum Expert Connect) - Does not offer a BSS. An AP dedicates its radios to spectrum analysis on all channels to discover interference. A device running analyzer software (e.g. Cisco Spectrum Expert) would connect to this AP to analyse the results.
20
Q

True or False. A LAP can not function without a WLC.

A

Bit of both. Generally speaking it cannot function unless it is in FlexConnect mode. In that mode the LAP can still switch traffic between its wired and wireless networks even if its connection to the WLC is down.

21
Q

True or False. When a LAP is in any mode other than local mode, all BSSs are disabled on this LAP.

A

True.

22
Q

True or False. If a LAP would like to broadcast multiple VLANs, there must be a trunk link between the LAP and the WLC that carries all VLANs.

A

False. Data carried over a CAPWAP tunnel is encapsulated in layer 3 packets that are not differentiated by VLAN.

23
Q

What are the different parts of an 802.11 frame?

A
  • Frame Control - Provides information such as the message type and subtype (e.g. whether it is a management frame) (2 bytes).
  • Duration/ID - Depending on the message type, it either gives the time in microseconds that the channel will be taken up sending the frame, or an identifier for the association between the client and the AP (2 bytes).
  • Addresses 1, 2, and 3 - The message type determines how many of these are required to be present (each 6 bytes). The types are:
    1. Destination Address - The final receiver of the frame
    2. Source Address - The original sender of the frame
    3. Receiver Address - The immediate receiver of the frame (but not necessarily the final destination).
  • Sequence Control - Used to reassemble fragments and detect duplicate frames (2 bytes).
  • Address 4 - Transmitter Address - The immediate sender of the frame (but not necessarily the original source).
  • QoS Control - Used in QoS to prioritise certain traffic (2 bytes).
  • High Throughput Control - Introduced in 802.11n to enable High Throughput Operations (4 bytes).
  • Frame Body - The payload (packet, variable size).
  • FCS - Used to check for errors the same as in Ethernet (4 bytes).
24
Q

True or False. Autonomous APs carry data from multiple WLANs over a CAPWAP tunnel.

A

False. A trunk link between the AP and the wired network is required. Even when only dealing with a single WLAN, it is still best practice (but not required) since the management traffic should be in a different VLAN.

25
Q

True or False. LAPs will only send data to the WLC if the destination resides on the same subnet.

A

False. All data will be forwarded to the WLC even if the destination is on the same link as the source.

26
Q

True or False. All 4 address fields are present in an 802.11 frame that is destined for a wired host.

A

False. Only the first 3 are. The 4th one is included in wireless to wireless communication.

27
Q

Functions of APs and WLCs in Split-MAC architecture.

A

AP:
- Beacons and probe responses
- Packet acknowledgments and retransmissions
- Frame queueing and packet prioritization
- MAC layer data encryption and decryption

WLC:
- Authentication
- Association and re-association of
- Frame translation to other protocols
- Termination of 802.11 traffic on wired interfaces